Closed Bug 1728337 Opened 1 year ago Closed 1 year ago

91.0.3 S/MIME can not be decrypted

Categories

(Thunderbird :: Security, defect)

Thunderbird 91
defect

Tracking

(Not tracked)

RESOLVED WORKSFORME

People

(Reporter: mark, Unassigned)

Attachments

(1 file)

Attached image 2021-08-31_16h53_17.png

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Edg/92.0.902.84

Steps to reproduce:

After the update from 78.13.0 to 91.0.3, S/MIME emails can no longer be decrypted when received or sent.

I can send an email and encrypt it, but I am not able to read the sent mail (even when sent to myself).

Tested 2 different mail clients: Outlook (Windows) and Nine (Android) can decrypt the sent and received message, encrypted by TB 91.0.3.

Actual results:

Encrypted mail can not be decrypted.

Expected results:

should be decrypted

Summary: 91.0.3 S/MIME can not be encryptet → 91.0.3 S/MIME can not be decryptet
Summary: 91.0.3 S/MIME can not be decryptet → 91.0.3 S/MIME can not be decrypted

Thanks for reporting. Can you test with a fresh profile, import your S/MIME certs/keys, set up your mail accounts, and see if the sent mails can be decrypted?

See bug 1726442.
Does setting security.osclientcerts.autoload false help?

(In reply to Magnus Melin [:mkmelin] from comment #2)

> See bug 1726442.
> Does setting security.osclientcerts.autoload false help?

Perfect! That did the trick. Thanks a lot.

(In reply to Ping Chen (:rnons) from comment #1)

> Thanks for reporting. Can you test with a fresh profile, import your S/MIME certs/keys, set up your mail accounts, and see if the sent mails can be decrypted?

From a fresh new client, I can not even sign a message. Importing the Chain and certificate works fine. It shows up in configuration, but does not work. -> "Signature can not be found or certificate expired"

Blocks: tb91found

S/MIME is completely broken, even on 91.1.0 (64-bit) Windows.
Tested with some text in body between TB 78 (latest) <> 91.1.0
Email encrypted by 78 is not readable by 91.1.0.

This is serious!

Ok, not serious, disabling AddOns helped so it is probably related to that?
I currently have these AddOns installed:
https://abload.de/img/capture6vk6d.png

After re-enabling the AddOns decryption still works...

(In reply to u690967 from comment #6)

> After re-enabling the AddOns decryption still works...

No AddOns at all at my site. I need to disable the Microsoft certificate store, which is really bad, because other certificates are now missing. Providing and managing 2 separate certificate stores (one for TB, one for MS) is unsatisfying.

Yes, the OS certificate store can't be used for S/MIME, but that should be no different from what it was in 78.

-> WFM.

Status: UNCONFIRMED → RESOLVED
Closed: 1 year ago
Resolution: --- → WORKSFORME

(In reply to Magnus Melin [:mkmelin] from comment #9)

> -> WFM.

Lucky you are ... but it doesn't work for me. 78.* was functional, 91.* only with the Mozilla certificate store.
-> security.osclientcerts.autoload = false

With the MS certificate store, mails can be encrypted, but after sending, they cannot be decrypted if security.osclientcerts.autoload = true

Double-checked now in every update since the first 91.*

It is still a bug.

78 had security.osclientcerts.autoload false.
Also in 91, it must be false like you said. You can't use security.osclientcerts.autoload true with S/MIME.
